Managing Mobility. 10 top tips for Enterprise Mobility Management




About Trinsic

Trinsic is a new kind of business communications specialist, built from the ground up to help your organisation leave behind siloed IT, telephony and mobile communications thinking, and move confidently into today's landscape of converged business communications. Taking business mobility beyond just being an airtime provider, we can provide you with a comprehensive range of managed service options to help with your mobile communications, right through the lifecycle from project planning through deployment and mobility management to device retirement.

Copyright 2015 Trinsic Limited. All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the publisher, Trinsic Limited. The information provided in this report is believed to be correct at the time of publication but cannot be guaranteed. As such Trinsic can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect. Trinsic and the Trinsic logo are trademarks of Trinsic Limited. All other brand, product, service names and logos are trademarks and/or registered trademarks of their respective manufacturers and companies and are hereby recognised and acknowledged.

July 2015, Version 1.0

2015 - Trinsic Limited, www.trinsic.co.uk

Contents

10 top tips for Enterprise Mobility Management
About Trinsic
Introduction
10 Top Tips for Enterprise Mobility Management
  Top Tip no. 1: Know Your Industry's Regulations
  Top Tip Number 2: Require Passcodes
    Types of Passcodes
    Minimum Length
    Passcode Expiration
    Passcode reuse
  Top Tip Number 3: Enforce Encryption
  Top Tip Number 4: Restrict Device Features as Necessary
  Top Tip Number 5: Keep a Watchful Eye on Apps
  Top Tip Number 6: Enrol Apple iOS Devices through an Apple Configurator
  Top Tip Number 7: Distribute settings Over The Air (OTA)
  Top Tip Number 8: Warn first, then remediate policy violations
  Top Tip Number 9: Test Your Policies
  Top Tip Number 10: Monitor Your Devices

Introduction

This document has been designed to help you manage and secure mobile devices across your organisation by sharing with you Enterprise Mobility Management (EMM) best practices we've put together from our years of experience in this field.

IBM MobileFirst Protect has been designed to give you maximum control over mobile devices, so you can reduce risks to your corporate data without jeopardising employee productivity. It will monitor your devices, both employee-owned and those provided by the business, making sure they comply with corporate security policies. With some careful planning you can configure the service so that you don't have to do anything if devices fall out of compliance, as the service can take action automatically in the form of a pre-configured workflow. Some of these actions could include:

- Warning the administrator that there may be a problem
- Sending a message telling the user to do something
- Preventing the user from accessing his corporate email account from his device
- Wiping corporate data, apps and documents from the device while leaving personal data untouched

As an example, you could create a policy listing restricted, approved and required apps for your users. If they breach these rules and their device goes out of compliance, the device could be blocked from accessing corporate resources such as email accounts, Wi-Fi, and VPN after a predetermined time period, say 24 hours. You could then assign this policy to all devices or to a specific group, such as all active Android devices that have reported in to MobileFirst Protect in the last seven days.

To sign up for a 30 day trial of MobileFirst Protect visit: www.devicemanager.co.uk

10 Top Tips for Enterprise Mobility Management

Top Tip no. 1: Know Your Industry's Regulations

Many of your decisions will be defined by the regulations specific to your industry. Armed with this knowledge you can set up your policies and group devices accordingly. In our experience most organisations like to keep things simple and only have a few groups. For example:

1. Corporate devices
2. Personal devices
3. iOS devices
4. Android devices
5. Windows devices

Try to keep things simple. Many of your settings will be the same for each policy across device platforms, as the requirements of your industry will be the same. Ongoing maintenance will be easier if, in practice, you treat all your users the same way as much as possible.

Top Tip Number 2: Require Passcodes

Of all the ways to protect your devices, requiring passcodes probably gets you the greatest results with the least effort. Small devices like tablets and smartphones are easy to lose, so the chances of them ending up in someone else's hands are relatively high. The added advantage of applying a passcode to iOS devices is that it automatically enables data encryption.

Types of Passcodes

| Name | Description | Example |
| Simple | Repeating, ascending or descending values | 1111, 2233, 1234, 0987, xyz |
| Numeric | Requires at least one number | 184, 1066, 1490, xyz1 |
| Alphanumeric | Requires at least one letter and one number | itbgc11, g2t, pick1e |
| Complex, Alphanumeric with Special Characters | Requires at least one letter, one number, and a special character. May also require at least one uppercase and one lowercase letter | Tlso4r#, wntg?stio2f, R!h9 |
| Pattern | Android only. The device displays rows of dots, and the user slides his finger across them in a certain order to gain access | |

Minimum Length

You can have passcodes from one to sixteen characters long. Longer passcodes are more secure, but your users may have trouble remembering them.

Passcode Expiration

You can require your users to enter a new passcode after a specified period of time. When time's up, they'll have to change it.

Passcode reuse

You can prevent your users from using the same two or three passcodes over and over.

Require passcodes on all devices that will access corporate resources. Passcodes are your first line of defence. The most secure passcodes are complex. We recommend requiring your users to have alphanumeric passwords with at least one uppercase and one lowercase letter, even though your industry may not require them yet. We recommend that passcodes be at least four or five characters long. We also recommend that you set up passcode expiration. Requiring a different passcode every time they change it is probably overkill, but you should probably set up some reuse restrictions. Look at your industry's rules and regulations as a guide.

MobileFirst Protect allows you to set up passcode policies quickly and easily, with default policies available for iOS, Android and Windows Phone devices. To make your changes, just edit one of the MobileFirst Protect default policies. There are even more options than we discussed above, which will come in handy if your industry has very stringent passcode requirements. With a few clicks you can make your passcode policy a reality.
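The passcode rules described in this tip can be expressed as a small checker. The following is an added example, not part of the original guide and not MobileFirst Protect code; the policy values (minimum length 5, history of three, 90-day expiry, PBKDF2 iteration count) and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import timedelta


@dataclass(frozen=True)
class PasscodePolicy:
    # Assumed values, chosen to match the recommendations in the text.
    min_length: int = 5            # "at least four or five characters"
    require_alphanumeric: bool = True
    require_mixed_case: bool = True
    require_special: bool = False
    allow_simple: bool = False
    history_depth: int = 3         # block reuse of the last three passcodes
    max_age_days: int = 90         # expiration period (assumption)


def _step(a, b):
    """0 = repeat, +1 = ascending, -1 = descending, None = unrelated."""
    if a in string.digits and b in string.digits:
        # Wrap modulo 10 so that 0987 counts as a descending run.
        return {0: 0, 1: 1, 9: -1}.get((int(b) - int(a)) % 10)
    if a.isalpha() and b.isalpha() and a.islower() == b.islower():
        d = ord(b) - ord(a)
        return d if d in (-1, 0, 1) else None
    return None


def is_simple(passcode):
    """True for repeating, ascending or descending values (1111, 2233, 0987, xyz)."""
    steps = [_step(a, b) for a, b in zip(passcode, passcode[1:])]
    if not steps or None in steps:
        return False
    return all(s >= 0 for s in steps) or all(s <= 0 for s in steps)


def hash_passcode(passcode, salt=None):
    """Salted PBKDF2 record, so the reuse history never stores plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


def violations(passcode, policy, history=()):
    """Return the policy rules a candidate passcode breaks (empty list = accepted)."""
    def has(test):
        return any(test(c) for c in passcode)
    found = []
    if len(passcode) < policy.min_length:
        found.append("too_short")
    if not policy.allow_simple and is_simple(passcode):
        found.append("simple")
    if policy.require_alphanumeric and not (has(str.isalpha) and has(str.isdigit)):
        found.append("not_alphanumeric")
    if policy.require_mixed_case and not (has(str.isupper) and has(str.islower)):
        found.append("no_mixed_case")
    if policy.require_special and all(c.isalnum() for c in passcode):
        found.append("no_special_character")
    recent = list(history)[-policy.history_depth:] if policy.history_depth else []
    if any(hmac.compare_digest(hash_passcode(passcode, s)[1], d) for s, d in recent):
        found.append("reused")
    return found


def is_expired(set_on, today, policy):
    return today - set_on > timedelta(days=policy.max_age_days)


if __name__ == "__main__":
    # Constructed sample input: example passcodes taken from the table above.
    for candidate in ["1234", "pick1e", "Tlso4r#"]:
        print(candidate, violations(candidate, PasscodePolicy()))
```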

Top Tip Number 3: Enforce Encryption

Apple's iOS provides block-level encryption on all devices from iPhone 3GS onwards. When a user sets up a passcode, it automatically starts using the file-level encryption data protection element. As a result, if you require your users to protect their iOS devices with a passcode, you don't really need to worry about encryption. iOS will handle it automatically. Windows Phone 8 and 8.1 fully support device encryption, but Google's Android operating system is a different matter. Some devices don't support encryption at all (usually the earlier models and operating system versions). If you need to enforce encryption, you might have to refuse to support some Android devices.

Encryption is a must-have. You may encounter some resistance if you don't support devices that cannot be encrypted, but it's worth it in the end to know that corporate data is being stored securely. We strongly recommend you prevent any devices that cannot be encrypted from connecting to your corporate resources.

MobileFirst Protect can identify the Android devices that cannot be encrypted. You can also use MobileFirst Protect's Compliance Engine to block devices from accessing corporate resources.

Top Tip Number 4: Restrict Device Features as Necessary

If your industry requires it, you may need to disable certain features on the devices. As an example, you may want to disable the device camera to protect proprietary information if your users work in a secure environment. The operating system (O/S) can also make a difference here, as device O/S features provide different levels of functionality. For example, you may want to prevent iOS users from storing data to iCloud or from accessing Siri when the device is locked.

If these devices are owned by your employees, not given out by the company, you may want to restrict as little as possible. For company owned devices we recommend applying the following restrictions:

- Block access to Siri when the device is locked
- Make Bluetooth non-discoverable
- Block syncing of documents to iCloud (although we don't recommend restricting backing up other things to iCloud or syncing using Photo Stream)
- Disable the camera, screen captures, and YouTube if it is required for your industry
- On iOS devices, we recommend the following settings for Safari:
  o Leave the fraud warnings on
  o Block pop-ups
  o Accept cookies only from visited sites

MobileFirst Protect provides a number of choices for your devices. You can quickly and easily put into place the safeguards to protect devices. MobileFirst Protect has many more choices than shown here, so you can make sure you're in compliance with your industry's requirements.

Top Tip Number 5: Keep a Watchful Eye on Apps

Apps can improve productivity enormously, but they can also open up your organisation to risks. Some apps like Dropbox allow your users to store documents outside your span of control. It makes things easier for them, but what happens when they subsequently leave the company? It might make sense for you to restrict some apps, depending on what is dictated by your industry or corporate security policies. You might also want to allow or require other apps. Some of our customers require employees to have the same collaboration tools so teams can work together.

1. Use your MDM solution to restrict, allow and require the apps you need to encourage productivity while keeping your corporate data safe.
2. If your MDM solution has one, use a corporate app catalogue to push helpful apps to your users.
3. Ensure all apps likely to contain corporate data are provisioned through an EMM platform that supports Selective Wipe, so that company data is removed from devices should an employee leave with the device.

Policies allow you to specify restricted, allowed and required apps. MobileFirst Protect also offers an App Catalogue that you can use to push market or enterprise apps directly to your devices. The App Catalogue is set up so it keeps personal apps separate from corporate apps. That way, when an employee leaves the company, you can easily remove all the corporate apps without touching any of the personal ones. As an option you can also add Trusteer Mobile Threat Management to monitor and remediate mobile malware and risks caused by suspect applications.

Top Tip Number 6: Enrol Apple iOS Devices through an Apple Configurator

The Apple Configurator is a free application, downloaded from the Mac App Store, that can be installed on a Mac and used to pre-configure iOS devices in bulk prior to deployment. It is used extensively in the education sector, often in place of MDM, in scenarios where devices are issued for short term assignments then wiped and re-provisioned to other users.

In an Enterprise scenario one useful feature of using an Apple Configurator is that devices can be configured in Supervised mode. When a device has been enabled for Supervision you are in much greater control of the device.

When iOS 7 was released, Apple introduced a new anti-theft measure called Activation Lock that is enabled automatically when a user sets up their device and switches on the Find My iPhone/iPad feature. This feature registers the device with Apple and locks it to the user's Apple ID permanently or until the user signs out of the iTunes account on the device. Even if the device is wiped to factory defaults it still can't be redeployed without entering the password for the previous user's iTunes account. By Supervising the device, Activation Lock can be disabled to prevent this happening.

Set up all new iOS devices through an Apple Configurator as Supervised devices prior to enrolment with your MDM solution, as the Configurator will wipe all data from devices and update them to the latest version of iOS. This will not only prevent Activation Lock from being enabled but will also enable additional device management functionality. If this is not a viable option, ensure all users set up their device with an iTunes account based on their company email address. This way, if they leave your organization without removing the iTunes account, you can get access to their email to enable an iTunes password reset in order to redeploy the device.

MobileFirst Protect provides the capability to manage the additional settings available for Supervised devices. With the release of iOS 8, for Supervised devices, Activation Lock can be disabled through the MobileFirst Protect console.

In addition, MobileFirst Protect supports automatic device enrolment to the platform straight from Apple Configurator. A profile can be downloaded from the MobileFirst Protect Portal. This profile can then be installed in the Configurator so that all Supervised devices will automatically enrol to MobileFirst Protect as soon as they get an Internet connection, either by mobile or Wi-Fi networks. All an administrator needs to do is to assign a user to the device and assign the required security profiles.

Top Tip Number 7: Distribute settings Over The Air (OTA)

Your wireless network, VPN and passcode settings may possibly be the same for all your users. Configuring them all individually could be a lot of extra time and trouble for your IT team. Some MDM solutions will let you create settings once and then push them to your users.

Use a policy to push your wireless network, VPN and passcode settings to your users. If you push them OTA, the process will be automated and you won't have to touch each device. That can save your IT department a great deal of time and effort. In addition, you don't have to track down all of your devices and bring them in to reconfigure whenever a wireless passcode changes. When someone leaves the company, you can remove their access and data the same way. You don't need to try to track down someone's personal device as they're leaving; just remove the corporate settings and information remotely.

MobileFirst Protect allows you to set up these profiles for your users in minutes. Then you can push them to your users OTA. When someone leaves the company, you can remove the profiles remotely, using the Selective Wipe option, which will remove all corporate settings and data.

Top Tip Number 8: Warn first, then remediate policy violations

When your users do something that puts their device out of compliance, it's a good idea to give them notice prior to taking any drastic action. Although you probably have the ability to take action right away, a better approach is to send them a message and give them the opportunity to remediate the noncompliance themselves before doing anything extreme.

Set up device management options to automatically handle out of compliance situations. Send users a message explaining the company's policy and why they are out of compliance with it. In most cases, you can give them some time to fix the problem before taking action (although there may be exceptions). Your MDM solution should be able to do all this automatically, without your IT department having to learn of the problem and then take action.

With MobileFirst Protect's Compliance Engine you can set up automatic enforcement actions. You can set up enforcement actions for a number of scenarios. Each one can be handled differently: everything from automatically sending a simple email to the Administrator to remotely performing a Selective Wipe. Best of all, this can be done without any manual involvement.
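The warn-first workflow above, together with the Introduction's example of blocking access after 24 hours, can be sketched as a small escalation routine. This is an added example, not part of the original guide and not the MobileFirst Protect Compliance Engine or its API; the action names, the 72-hour wipe threshold, the "CorpMail" app and all class and function names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Escalation ladder: (time out of compliance, action). The 24-hour block is the
# guide's example; the 72-hour selective wipe threshold is an assumption.
LADDER = [
    (timedelta(0), "alert_admin"),
    (timedelta(0), "message_user"),
    (timedelta(hours=24), "block_corporate_access"),  # email, Wi-Fi, VPN
    (timedelta(hours=72), "selective_wipe"),          # corporate data only
]


@dataclass(frozen=True)
class AppPolicy:
    restricted: frozenset
    required: frozenset


@dataclass
class Device:
    name: str
    platform: str
    apps: set
    encrypted: bool
    last_seen: datetime
    noncompliant_since: Optional[datetime] = None
    actions_taken: list = field(default_factory=list)


def in_scope(device, now, platform="Android", active_days=7):
    """Group filter: devices of one platform that reported in within N days."""
    recent = now - device.last_seen <= timedelta(days=active_days)
    return device.platform == platform and recent


def findings(device, policy):
    """List every reason the device is out of compliance."""
    out = [f"restricted app installed: {a}" for a in sorted(device.apps & policy.restricted)]
    out += [f"required app missing: {a}" for a in sorted(policy.required - device.apps)]
    if not device.encrypted:
        out.append("storage not encrypted")
    return out


def evaluate(device, policy, now):
    """Return the actions newly due at `now`; each action fires once per incident."""
    if not findings(device, policy):
        # The user fixed the problem: lift a block (a wiped device needs
        # re-provisioning instead) and reset the clock.
        taken = device.actions_taken
        lift = "block_corporate_access" in taken and "selective_wipe" not in taken
        device.noncompliant_since, device.actions_taken = None, []
        return ["restore_corporate_access"] if lift else []
    if device.noncompliant_since is None:
        device.noncompliant_since = now
    elapsed = now - device.noncompliant_since
    due = [a for limit, a in LADDER if elapsed >= limit and a not in device.actions_taken]
    device.actions_taken.extend(due)
    return due


if __name__ == "__main__":
    # Constructed sample device and policy; "CorpMail" is a hypothetical app name.
    start = datetime(2015, 7, 1, 9, 0)
    rules = AppPolicy(frozenset({"Dropbox"}), frozenset({"CorpMail"}))
    tablet = Device("tablet-01", "Android", {"Dropbox", "CorpMail"}, True, start)
    for hours in (0, 12, 24, 72):
        print(f"+{hours}h", evaluate(tablet, rules, start + timedelta(hours=hours)))
```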

Top Tip Number 9: Test Your Policies

Before you deploy a policy to any of your users, you should first deploy it to a group of test users. This is especially important if you have a lot of devices to manage.

MobileFirst Protect allows you to either designate a group of users as test users or publish a policy to one or two individual users. With a few clicks you can deploy a new policy to those devices so the users can verify functionality. If there's a problem, you can roll back the policy and edit it. If all goes well, you can publish the policy to the remainder of your users.

Top Tip Number 10: Monitor Your Devices

After your policies are in place, you'll want to make sure your users are following them. Your MDM solution should provide you with statistics on how compliant your devices are. You should be able to easily see how many devices are out of compliance, and identify which devices they are.

The MobileFirst Protect Home page displays My Alert Center, a dashboard of important information that you can customize to meet the needs of your organization. The alerts are red, green or blue. Security alerts can be red or green, depending on whether the situation needs attention. Information alerts are blue. When you know which devices are out of compliance, you can take the appropriate action, based on your organisation's or industry's rules and regulations.